A third-party vendor reportedly compromised over 89 million Steam user credentials, now circulating on the dark web. While Steam itself wasn’t hacked, the breach poses a serious risk to player security.

Steam has long been considered one of the most secure PC gaming platforms. But that reputation took a hit following reports that a third-party vendor, potentially once linked to Valve, has suffered a breach that exposed sensitive user data of nearly 89 million accounts.

That staggering number represents around 70% of Steam’s current active user base, making this one of the most significant leaks in recent memory. Mellow_Online1 raised the alert on Twitter, who flagged a LinkedIn post shared by Underdark AI. According to the data, a hacker known as Machine1337 claimed on a dark web forum to possess the records, which reportedly include usernames, passwords, and two-factor authentication SMS logs.

The hacker didn’t publish the full scope of the data, but Underdark AI’s analysis suggests it could also include message contents, metadata, delivery statuses, and more. The compromised vendor — unnamed but referenced in the leaked files — is believed to be involved in handling 2FA messages for Steam users.

While Steam’s servers appear unaffected directly, the breach still raises the risk of social engineering attacks and unauthorized account access. Users are urged to change their Steam passwords immediately and activate Steam Guard for extra protection. Never reuse passwords across platforms, and only trust 2FA codes initiated by your own actions.

Source: XDA Developers